According to in-browser security specialist Trusteer, its research has revealed that the malware has extended its reach to sites with user credentials that allow assets that have a financial value.
The move, says Amit Klein, the firm's CTO, mirrors the evolution of card fraud in the 1980s and 1990s, when fraudsters initially targeted banks for cash advance fraud, then - as the banks developed their internal anti-fraud resources - moved over to quasi-cash platforms such as foreign currency purchases and then over to retail and e-tail sales outlets.
Klein said that the parallels between card fraud evolution and the evolution of ZeuS is reflected in the attack vectors against a few websites that his team of researchers have identified as being targeted.
Sites targeted by ZeuS include Moneybookers and Web Money, the latter of which is an online payment solution that claims to have more than 12 million active users.
Web Money, says Klein, is targeted by 13 different ZeuS configurations, with the last one released on January 16, indicating that this is hot target for fraudsters.
Another ZeuS popular target is Nochex, a UK based online payment company specialising in smaller online businesses. Nochex is targeted by 12 different Zeus configurations with the last one also released on January 16.
Klein said that he believes this trend of targeting online payment providers will continue as more retailers allow these alternate payment methods with their Web sites.
Users, he explained, need to protect their PC or access terminal, using secure browsing services and solutions that specialise in protecting online payments and online banking.
"Users should also avoid using public access computers, as well as computers you do not own and therefore have direct control over", he said, adding that retailers and payment providers, meanwhile, need to assess the risk associated with their customers' endpoint devices.
"They should, we believe, reject transactions from accounts used over insecure endpoints", he said.